CVSS 7.5 · HIGH

CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then construct direct download URLs to retrieve sensitive backup archives containing full database dumps.


Analysis

This WordPress plugin has over 90,000 active installations and is part of the widely used WordPress ecosystem. The vulnerability allows unauthenticated attackers to find and download complete database dumps due to predictable file paths, posing a high risk of data exfiltration for site administrators.

Severity

Score: 7.5 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: NONE
A: NONE
Weakness type (CWE): CWE-538

EPSS

Exploitation probability (next 30 days): 0.0004 (0.0%)
Percentile: 12.0%
EPSS: 2026-05-06


Published: 5/5/2026, 12:16:17
Last modified: 5/5/2026, 19:47:57
